"Hacking" is a matter of reversibility

The field of cybersecurity has an odd mystique to it, which is part of what drew me to the field. It also has drawbacks, namely a difficulty in communication that leads to astonishing levels of burnout and turnover - by some sources, CISOs last between six and eighteen months. In no engineering field is that a good sign.

Within normal engineering, you have electrical engineers and materials engineers (hi!) and civil engineers and so on, and, well, they work together, respecting each other as professionals. I think a big part of that is that, whilst I civil engineer might not understand everything about sparks that the electrical engineer does, engineers as a whole have a common core of heuristics that are good enough to discriminate between a professional in a different specialty, and a snake oil salesman. You could argue it's an NP problem. As you get further from engineering - into marketing, say - those heuristics break down and so the confidence (from engineers) that a colleague is actually useful also breaks down, hence the tension between the fields (for evidence: any Dilbert, any Hacker News thread, ask one).

One particular heuristic stands out for me regarding computers, and it comes from fairly fundamental physics. Let's say you want to make an axe. Here are the steps, roughly, to make one, that have applied in some form for millennia:

• Cut down a tree, and shave some bits off. You now have logs.
• Cut the logs down further, into lumber. Now cut some of the lumber into a handle shape.
• Dig up some iron ore, and some coking coal. Or use charcoal, made from burning more trees in a deficit of oxygen. Burn them together in a refractory furnace (depending on your state of technological development, you might have oxygen available at this point - bully for you). You now have a slag, which, with a bit more processing, is iron.
• Treat the iron a bit more (I'm skipping a fair bit here), hammer it, shape it - you have a axe blade.
• Assemble the two.

I've described an axe, but really a similar set of instructions could describe almost anything we make, with various extra steps and different ways of getting raw materials to processed ones. However they're all - in a very strict sense - irreversible. You can't easily turn logs back into tree, or axe blade into iron ore. Every time you turn a generally useful thing, such as a tree, into something useful for one specific thing, such as an axe handle, you pay a cost in terms of the things that tree can no longer become. Entropy will have its dues. Almost all industries do this. You might also note, the last step, the "integration" step, is possibly an exception to this.

Computing doesn't. If you want a computer to do a specialised task, you're probably doing something like this:

• Take a computer, put an OS on it.
• Create a user account on the OS.
• Install a program associated with that account, and set up conditions to run it.

All of these steps are reversible - in practical terms, anyway (you need a few watts of easily-supplied power). It's as if you could wake up one day and your axe is now the dashboard for a luxury car, or an attractive staircase, or anything else you could make from iron ore and tree, just because someone else was good at persuading the atoms of your axe that they wanted to be something else today.

Most of the computer systems we interact with now have security in mind, which is to say, we constrain the systems' responses so that it doesn't try and reconfigure itself just because someone asked nicely. But underneath, it's almost all integration of parts whose general-purpose use is still there. It's also why the term "hackers" has the dual connotation - of threat actors lazily churning out macro-laden emails and of anarchic geniuses who MacGyver a printer into a games console, or who can embed end-to-end encrypted messaging into absolutely any application used to communicate.

I should probably send my apologies to Cory Doctorow and Neal Stephenson, both of whom do better explanations of the astonishing flexibility, the self-reconfiguring nature, of a computer. But this really is relevant - our engineering of Control Systems is better if we go in with the understand of what the tools actually are. Unless you physically burn the program you want to run onto the ROM, what they are is reversible.